Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

ImgHosting 1.2 Cross Site Scripting

ImgHosting version 1.2 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
CVE-2023-41005: There is a logical flaw that leads to obtaining shell access. · Issue #977 · pagekit/pagekit

An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php

CVE-2023-39700: OWASP Top Ten 2017 | A7:2017-Cross-Site Scripting (XSS)

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

FAST TECH CMS 1.0 Cross Site Request Forgery

FAST TECH CMS version 1.0 suffers from a cross site request forgery vulnerability.

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire's administrative console that could permit an unauthenticated attacker to access otherwise restricted

CVE-2023-40572: XWIKI-20849: Require a CSRF token in the create action · xwiki/xwiki-platform@4b20528

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.

CVE-2023-40573: Groovy jobs check the wrong author, allowing remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1.